
Commit 4b2c477

Create OUTSIDE Network with rbac policy instead of router:external flag
Adding the rbac policy automagically updates the router type, setting the router:external flag to True, so we also change our search criterion to match existing Networks regardless of the router:external value.
1 parent ca7b6d3 commit 4b2c477


1 file changed

+18
-11
lines changed


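--- a/python/understack-workflows/understack_workflows/main/sync_keystone.py
+++ b/python/understack-workflows/understack_workflows/main/sync_keystone.py
@@ -73,38 +73,45 @@ def is_valid_domain(
 
 
 def _create_outside_network(conn: Connection, project_id: uuid.UUID):
-payload = _outside_network_payload(project_id)
-network = conn.network.find_network(**payload) # type: ignore
+network = _find_outside_network(conn, project_id)
 if network:
 logger.info(
 "%s Network %s already exists for this tenant",
 OUTSIDE_NETWORK_NAME,
 network.id,
 )
 else:
-payload.update(name=payload.pop("name_or_id"))
+payload = {
+"project_id": project_id,
+"name": OUTSIDE_NETWORK_NAME,
+"router:external": False,
+}
 network = conn.network.create_network(**payload) # type: ignore
 logger.info(
 "Created %s Network %s for tenant", OUTSIDE_NETWORK_NAME, network.id
 )
+conn.network.create_rbac_policy( # type: ignore
+object_type="network",
+object_id=network.id,
+action="access_as_external",
+target_project_id=project_id,
+)
 
 
 def _delete_outside_network(conn: Connection, project_id: uuid.UUID):
-payload = _outside_network_payload(project_id)
-network = conn.network.find_network(**payload) # type: ignore
+network = _find_outside_network(conn, project_id)
 if network:
 conn.delete_network(network.id)
 logger.info(
 "Deleted %s Network %s for this tenant", OUTSIDE_NETWORK_NAME, network.id
 )
 
 
-def _outside_network_payload(project_id: uuid.UUID) -> dict:
-return {
-"project_id": project_id,
-"name_or_id": OUTSIDE_NETWORK_NAME,
-"router:external": True,
-}
+def _find_outside_network(conn, project_id):
+return conn.network.find_network( # type: ignore
+project_id=project_id,
+name_or_id=OUTSIDE_NETWORK_NAME,
+)
 
 
 def handle_project_create(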
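Review bot: In `_create_outside_network` the `access_as_external` policy is only created on the run that also creates the network (assuming the `create_rbac_policy` call sits in the `else` branch; the page has lost indentation), so if `create_network` succeeds and the policy call fails, every later run finds the network by name, logs "already exists" and never adds the policy. Because `_find_outside_network` no longer filters on `router:external`, that half-created network is indistinguishable from a finished one, and any network in the project that happens to carry `OUTSIDE_NETWORK_NAME` is likewise accepted here and removed by `_delete_outside_network`. I would make the policy step idempotent and run it after both branches: list the policies for this network, action and target project, and create one only when none is returned, as sketched below. `_find_outside_network` is also the only function in the hunk without annotations; `conn: Connection, project_id: uuid.UUID` would match its siblings.

```python
def _create_outside_network(conn: Connection, project_id: uuid.UUID):
    network = _find_outside_network(conn, project_id)
    # … unchanged: "already exists" log / create_network branches …

    # Ensure the policy on every run so an interrupted first attempt is repaired.
    policy_spec = {
        "object_type": "network",
        "object_id": network.id,
        "action": "access_as_external",
        "target_project_id": project_id,
    }
    existing = conn.network.rbac_policies(**policy_spec)  # type: ignore
    if next(iter(existing), None) is None:
        conn.network.create_rbac_policy(**policy_spec)  # type: ignore
        logger.info(
            "Created access_as_external policy on Network %s", network.id
        )
```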
